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Abstract 

A natural deduction system for intuitionistic predicate logic with ex- 
istential instantiation rule presented here uses Hilbert's e-symbol. It is 
conservative over intuitionistic predicate logic. We provide a complete- 
ness proof for a suitable Kripke semantics, sketch an approach to a nor- 
malization proof, survey related work and state some open problems. Our 
system extends intuitionistic systems with e-symbol due to A. Dragalin 
and Sh. Maehara. 



1 Introduction 

In natural deduction formulations of classical and intuitionistic logic existence- 
elimination rule is usually taken in the form 

A(a) 

3xA(x) C 
— 3~ 

C d 

where a is a fresh variable Existential instantiation is a rule 

3xA{x) 



A{a) 



3i 



where a is a fresh constant. It is sound and complete (with suitable restric- 
tions) in the role of existence-elimination rule in classical predicate logic but is 
not sound intuitionistically, since it makes possible for example the following 
derivation: 

C ^3xA(x),C ^3xA(x) 
C ^3xA(x),C => A(a) 3% 



C -> 3xA(x) C -> A(a) 
C -> 3xA(x) => 3x(C A(x)) 
> (C ^ 3xA(x)) ->■ 3x(C -»• A(x)) 
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There are several approaches in the literature to introduction of restrictions 
making this rule conservative over intuitionistic predicate calculus. 

We present an approach using intuitionistic version of Hilbert's epsilon- 
symbol and strengthening works by A. Dragalin Q] and Sh. Maehara [3] where 
e-terms are treated as partially defined. Then a survey of extensions and re- 
lated approaches including important paper by K. Shirai |12j is given and some 
problems are stated. 

We do not include equality since in this case adding of e-symbol with natural 
axioms is not conservative over intutionistic logic ([SHU]). A simple counterex- 
ample due (in other terms) to C. Smorynsky |13j is 

\/x3yP(x, y) — > \/xx'3yy' ' (PxylkPx' y '&z(x = x' — > y = y')) 

In our natural deduction system NJe axioms and propositional inference rules 
are the same as in ordinary intuitionistic natural deduction, the same holds for 
V-introduction. The remaining rules are as follows: 

T =*> 3xF{x) 

r => F{exF(x)) 3l (1) 

existential instantiation, 

r^>U A=>VzF(z) r=^ti A -4 F(t) 

r, A 5 F(t) r, A 5 3zF(z) (2) 

where 

exA(x) i:= 3y(3xA(x) -4 A(y)), (3) 

and t 4-:= T (the constant "true") if t is a variable or constant. 

Two semantics are given for NJe, or more precisely to an equivalent Gentzen- 
style system IPCe (Section [2]). The first semantics, which is incomplete but 
convenient for a proof of conservative extension property over IPC is defined in 
Section [3] 

The second semantics with a completeness proof for IPCe is given in Section 

H 

Section [5] presents a sketch of a possible proof of a normal form theorem. 
Section [6] surveys some of the previous work and Section [7] outlines some open 
problems. 

2 Gentzen-style system IPCe 

Let us state our Gentzen-style rules for the intuitionistic predicate calculus 
IPCe with e-symbol. For simplicity we assume that the language does not have 
function symbols except constants. Formulas and terms are defined by familiar 
inductive definition plus additional clause: 
If A(x) is a formula then exA(x) is a term. 
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Derivable objects of IPCe are sequents T ^ A where T is a finite set of 
formulas, A is a formula. This means in particular that structural rules are 
implicitly included below. 

First, let's list the rules of the intuitionistic predicate calculus IPC without 
e-symbol. 

Axioms: 

T,A^> A, T,±^A. 

Inference rules: 

T^A T^B „ A,B,T=>G 



r => AhB A&B.T^G 



A,T^G B.T^G r^-A T^B 



AWB,T^G T AV B T => AV B 

r => a £?, r => g ^,r^>s 

■ — ■ =>h» 

a — > b, r g r^-A^s 

r =» r A(b) 

r=>3:z;A(x) ^ T^VxA(x) ^ 

A(b),T^G A(t),T->G 



3xA(x), r ^ G Vasi4(x), T ^> G 

r^G G,r^G 

- Gwi 



r -> g 

For IPCe quantifier-inferences =>■ 3,V => arc modified by requirement that the 
term i substituted in the rule should be "defined" (cf. (O). 

r=^u F(t),A=>A T^A,U r-^A,F(i) 

VzF(z), T, A =^ A V ^ A,3zF(z) ^ 3 (4) 

3 =>-rule is also changed for IPCe: 

A(exA(x))T =>- G 
T, 3xA(x) ^ G 3e ^ (5) 

A routine proof shows that IPCe is equivalent to a Hilbert-style system obtained 
by weakening familiar axioms for quantifiers to 

(eQl) 1 1 kVxA(x) -> A(t) 

(eQ2) 1 1 kA(t) -> 3xA(x) 

and adding the axiom 

3xA(.t) -> A(exA(x)) 
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2.1 Equivalence of IPCe and NJe 

Let us remind that in natural deduction a sequent 

Ai,...,A n ^A 

is used to indicate that A is deducible from assumptions Ai, . . . , A n . 

Theorem 1 A sequent is provable in NJe iff it is provable in IPCe. 

Proof. The proof is routine: every rule of one of these systems is directly 
derivable in the other system. Let's show derivations of the rules 3i and 3 => 
from each other using abbreviation e := exF(x). 

F{e) F{e) 3xF{x) 3xF{x) . F(e), T G 

r -> 3xF(x) 3xF(x) 5 F(e) 3 ^ 3x.F(x) 5 F(e) 3 * r 5 F(e) ->• G 
r => F(e) 3xF(x),T^ G 

3 A Kripke Semantics for Intuitionistic e-symbol 

To prove that IPCe is conservative over IPC we present an incomplete semantics 
modifying a semantics from pQ. The main modification is in the definition of 
t \. and treatment of atomic formulas containing e-terms ex A. 

Definition 1 Let w be a world in a Kripke model. Denote 

exA(x) -Iw := w \= exA{x) \. . 

We say that a term ex A is defined in w iff exA(x) 4- w. 

Symbol _L in in next definition indicates the condition (J6j> below. 

Definition 2 An intuitionistic Kripke eJ^-model (or simply model in this sec- 
tion) 

M = (W,<,D,\=,V) 

has to satisfy the following conditions: 

(W, <) is a Kripke frame with a strict partial ordering < , 

D is a domain function assigning to every w S W a non-empty set D{w) 

monotone with respect to <, 

w \= A is a relation between worlds w £ W and atomic formulas A with 

constants from 

D := U weW D(w) 
monotonic with respect to < and such that 

w y= A if A contains at least one constant in D — D(w). (6) 

V is a valuation function assigning a constant V{e, w) £ D to any e-term e 
(possibly containing constants from D) and w £ W. 
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The relation \= is extended to composite formulas in the familiar way. The 
components of an e-model have to satisfy following conditions. 

V(exB(x, eyC),w) = V{exB(x, V(eyC, w)),w), (7) 

w h A(eyC) ^w^ A(x, V(eyC)), (8) 

where substitution of eyC is safe, that is no free variable of eyC becomes bound. 
Also 

if e \rW for a term e := exA(x), then 

V(e,w) £ D(w) and V(e,w') — V(e,w) for every w' > w. 

Note once more that an atomic formula P{d\, . . . , d n ) is false in a world w if at 
least one of di is not in D(w). 

This leads to incompleteness, for example formula 

P(exP(x)) 3xP(x) 

is valid: if exP(x) is undefined in a world w then the premise is false in w, 
otherwise the conclusion is true. However this formula is not derivable, since it 
implies (C 3xP(x)) 3x(C P(x)). 

The proofs of the next lemmata are routine. 

Lemma 1 Let t be a closed term, A a closed formula with constants from D. 
Then 

w <w' ->• (t I w 1 1 v'k (w \= A ->• w' \= A)) 
Proof. Simultaneous induction on t, A. 

Lemma 2 If T is a set of formulas, G a formula then T h G in IPCe implies 
T^G. 

Proof. Induction on derivations. Checking the rule 3 =>■ uses the fact that 
3xA(x) implies exA{x) \,. It may be interesting to check whether any other 
properties of the formula t \. are used. H 

Theorem 2 If A, B formulas without e-symbol then A h B in IPCe implies 
A\- B in intuitionistic predicate logic IPC. 

Proof. We need to prove that for every Kripke model 

M = (W,<,D, ho) 

for intutionistic predicate logic refuting A — > B there is an IPCe-model refuting 
A—> B. Before applying the construction from 1., let us recall a refinement of 
a completeness theorem for intuitionistic predicate logic IPC. 

Lemma 3 The following additional requirements to the definition of Kripke 
frame (W, <,D) for IPC are still complete: 
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1. W is a countable tree with a root such that each w £ W except has 
unique immediate <-predecessor and the number of predecessors of w is 
finite. 

2. domains D(w) are strictly increasing: if w < w' then D(w) is a proper 
subset of D(w'). 

Proof. The requirement Q] is satisfied by the canonical proof search tree for a 
given sequent, see for example |S]. To satisfy the second requirement, note that 
an infinite branch of the canonical proof search tree does not have "leaf worlds" : 
for every w £ W there exists aw' > w. Now take a fixed element e £ D(wq) 
and duplicate it by a fresh element, say e w in every world w. More precisely for 
the new domain function D' define 

e w £ D'(w) - D'{w~), 

where w~ is the immediate predecessor of w. Let's extend the relation |= by 
identifying e w and e, more precisely define for atomic formulas P(c±, . . . ,c n ) 
with constants c, £ D'(w) 

w |= P(ci,...,Cn) := w \= p ( c i ,---, c n) 

where c~ = e, if Cj = e w and — C{ otherwise. It is easily proved by induction 
on formulas that this property extends to all formulas: 

w \= A(a, . . . ,c„) implies w \= A(c[,. . . ,c~) 

so that the new model verifies (and refutes) the same formulas. H 

Proof of the Theorem [2] We extend the model for IPC satisfying the pre- 
vious Lemma by the definition of values for e-terms without changing domains 
D(w), which is done by induction on construction of the term. Assume that 
the elements of D are well-ordered by a relation -< in some arbitrary way. In 
view of the condition (J7J it enough to define V(exA, w) when ex A does not have 
proper non-closed e-subterms. In that case, 

if exA(x) i to, take the <-minimal element v < w such that exA 1 v, then 
define 

V(exA(x),w) := the ^-first d £ D(v){v |= (3xA(x) -> A(d))) 
If not exA(x) I w, define V(exA(x), w) as the -<-first d G D — D(w). H 

4 Completeness proof for IPCe 

We prove that removing condition ([5]) but preserving familiar monotonicity re- 
quirement 

w < w' -> (w\=A-tw'\= A) (9) 

leads to a complete semantics for IPCe. 

For simplicity consider term models where individual domain D(w) for every 
world w consists of terms, and evaluation function for terms is identity: value 
of a term t is t. In particular the value of exA is exA. 
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Definition 3 An intuitionistic Kripke (term) e-model (or simply e-model) 

M = (W,<,D,^,V) 

has to satisfy the following conditions. 

(W 1 <) is a Kripke frame with a strict partial ordering <, 

D is a domain function assigning to every w G W a non-empty set D{w) 

(of terms) monotone with respect to <, 

w \= A is a relation between worlds w and atomic formulas A with constants 

from 

D := U weW D(w) 

monotonic with respect to < . 

V is a valuation function assigning a constant V{e, w) G D to any e-term e 
(possibly containing constants from D ) and w G W. (In a term model V(e, w) — 
e). 

The relation \= is extended to composite formulas in the familiar way. The 
components of an e-model have to satisfy following conditions. 

V(exB(x, eyC),w) = V(exB(x, V(eyC, w)), w) (10) 

w |= A(eyC) o w \= A(x, V(eyC)) (11) 

where substitution of eyC is safe, that is no free variable of eyC becomes bound. 
Also if e lw for a term e := exA(x), then 

V(e,w) G D{w) and V(e 7 w') = V(e, w) for every w' > w. 

Let's present a completeness proof along familiar lines. 

Definition 4 An infinite sequent is a pair of sets T, A of formulas such that 
there is an infinite number of variables not in T U A. An infinite sequent w is 
written as T =$> A and notation 

w a := T, w s := A 

is used for its antecedent and succedent. 

L w denotes the set of all terms and formulas with free variables and constants 
occurring in formulas ofw. 

D(w) is the set of all terms t G L w such that (t \.) G w a . In other worlds 
D(w) consists of all free variables and constants in w plus all e-terms exA(x) 
such that 3y(3xA(x) — > A(y)) G w a . 

An infinite sequent w is consistent, if it is underivable, that is if no finite 
sequent T A with T G w a , A G w s is derivable in IPCe. 

A consistent infinite sequent w is maximal consistent if w a U w s is the whole 
set of formulas in L w . 

Lemma 4 Every consistent infinite sequent u> can be extended to a maximal 
consistent sequent. 
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Proof. Enumerate all formulas containing only free variables and constants in 
L WQ , then add them one by one to w a or w s preserving consistency. At the n-th 
stage of this process a sequent w n , an extension of wo by a finite number of 
formulas is generated. 

It cannot happen that at some stage n of this process a formula A fits none 
of w2,Wg, i.e., both of 

are inconsistent, since in that case to™ => iw™ is inconsistent by a cut rule. H 
Important example. If w is VxP{x) =>■ P{exQ{x)) with P ^ Q, and the first 
"undecided" formula is 3y(3xQ(x) — > Q(y)) then this formula is added to the 
succedent, since adding it to the antecedent results in an inconsistent sequent. 

Lemma 5 Every maximal consistent infinite sequent w is closed under invert- 
ible rules of multiple- succedent version of IPCe, that is under all rules except 
=> V, >. More precisely 

{A&.B) G w a implies A E w a and B E w a , 

(A — > B) E w a implies A E w s or B E w a , 
{Ay B) E w a implies A E w a or B E w a , 

{yxA{x)) E w a implies (Vi G D{w)){A{t) G w a ) 
{3xA{xj) E w a implies A{exA{x)) E w a 
{Ay B) E w s implies A G w a and B G w a , 
(^4&i3) G w s implies A E w a or B E w a , 

(3xA(x)) E w s implies (Vi G D{w)){A{t) G w s ) 

Proof. Suppose (^4&£?) G w a . If A ^ w a then by maximality ie«j s . Therefore 
w is inconsistent. 

Suppose yxA E w a . If w a for some t G D{w) then by maximality 
.A(t) e w s- Therefore Vxyl => is derived by one application of the V =>■- 
rule, and hence w is inconsistent. Note that additional premise 1 1 of this rule 
is available by t E D{w). 

Other cases are similar. H 

Definition 5 For infinite sequents w, w' define 

w < w' iff w a C w' a and D{w) C D{w') 

Lemma 6 TTie sei of maximal consistent sequents is closed under non-invertible 
rules =>—)•, =>■ V. More precisely, 

For every maximal consistent sequent w, if {A — ^ B) G w s £/ien f/iere exzsis 
a maximal consistent sequent w' > w with A E w' a , B E w' s . 

For every maximal consistent sequent w, ifyxA{x) E w s then there exists 
a maximal consistent sequent w' > w with A{a) E w' s for some variable a, 
a E D{w'). 
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Proof. If (A — > B) G w s then the sequent A,w a => B is consistent, since 
otherwise one application of the rule =>—y leads to inconsistency of w. Now 
extend A, w a B to a complete consistent sequent. 

If VxA(x) G w s then the sequent w a => A(a) for a fresh variable a is consis- 
tent, since otherwise one application of the rule => V leads to inconsistency of 
w. Now extend A,w a => B to a complete consistent sequent. H 

Definition 6 (Canonical model) Consider the following model 

M = (W, <, V", |=)- 

W is ifte set of all maximal complete sequents, <,V are as above, 
w \= A iff A e w a for atomic formulas A. 

This definition implies that w Y= A for atomic A G w s , since otherwise w is 
inconsistent. 

Lemma 7 T/ie relation |= /or atomic formulas and the function D is mono- 
tonic. 

Proof. Consider only D(w). Let w < w' . All variables and constants in 
D(w) are in D(w') by the definition of <. Assume exA(x) £ D(w), that is 
exA(x) I G uv Then eccA(x) |G wj, by w< and hence exA(x) G D{w'). 
H 

Lemma 8 For every formula A G L u , 

1. Ae«i a implies w \= A, 

2. A G w s implies w y= A, 

Proof. Induction on formulas using Lemmata 15 16 1 For example, if AhB G w a 
then A 7 B G w a , therefore w \= A, w \= B by induction hypothesis, and hence 
w \= AkB. 

If \/xA G w s then there exists w' > w such that A{a) G w' s for some variable 
a G D(w'). Therefore w' \£ A(a) and hence w Y= \/xA(x). H 

Theorem 3 T/ie system IPCe is sound and complete. 

Proof. Soundness is checked as before. For completeness take arbitrary under- 
ivable formula A, then extend sequent => A to a maximal consistent set w. By 
previous Lemma it) ^= A. H 

5 Cut-free Formulation, Normal Natural Deduc- 
tion 

It is plausible that completeness proof for the rules with cut given in a previous 
section [4] can be modified to provide completeness of a cut-free formulation. 
As our examples above show, complete cut-elimination is impossible. One has 
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to admit cuts for formulas of the form exA(x) J. where exA(x) occurs in the 
conclusion. The following proof where e := exP(x) is an example. 

3xP{x) => e 1 ^P(e),P(e),3xP(x) => P(0) 
Vx^P(x),P{e),3xP{x) => P(0) 
Vz-P(a;),P(e) 3xP(x) P(0) 3y{3xP(x) -> P(y)) ^ e | -P(e), P(e) => 

Vx-P(x),P(e) 3y(3.TP(.T) P(y)) 3y(3a;P(a;) ->■ P{y)), Vx^P{x), P(e) => 

Vx-P(a;),P(e) ^ 

Let's outline a possible proof that this restriction is complete. 

First, the definition of the canonical model should be modified along the 
lines of a proof by M. Fitting [2] (cf. also [8]). Our definition of a complete 
consistent sequent in the section |4] requires that such a sequent w contains every 
formula of its language L w as a member of its antecedent or succedent. This 
requirement is weakened as follows. 

For any formula F in L w either F £ w a UWb or there is a clash: both sequents 

w a => Wb,F and P, w a => wi, 

are cut-free derivable. This should provide completeness of a multiple-sequent 
cut-free formulation. Then equivalence to a cut-free one-succedent formulation 
should be proved by pruning and permutation of inferences as in ]8] . Finally cut- 
free one-succedent derivations are transformed into a normal natural deductions 
as in [7]. 

6 Comparison with Previous Work 

6.1 System IPCQe 

Let 3exA(x) := 3xA(x). 

A. Dragalin's system IPC fie from [I] for a given language fie is obtained by 
weakening familiar axioms for quantifiers 

(eQl) 3t&Va;A(x) A(t) 

(eQ2) 3t&A(t) -> 3a;A(x) 

and adding the axiom 

3xA(x) A(exA(x)) 

A. Dragalin in [1] tried to avoid as much as possible dealing with a value of an 
e-term in a world w where the term is not defined. Values (in a given world 
w) are assigned only to e-terms defined in w, and many intermediate results 
are proved only for the case when all relevant e-terms are defined. Nevertheless 
soundness is established for all formulas, without any restrictions. As pointed 
earlier, this system is not complete. 

In Section [3] we changed the definition of a model from [1] to a more uniform 
version: e-term e which is not defined at the world w is assigned a value at 
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w, but this value does not belong to the individual domain D{w). To make 
this possible, the Kripke frame underlying the model and the domain function 
should satisfy additional conditions that still guarantee completeness. 
Let us consider other systems in the literature. 

6.2 Systems with 3y(3xA(x) — > A(y) as Existence Condition 

In systems due to to Sh. Maehara and K. Shirai [HH2], instead of using 3xA(x) 
as a discriminating criterion, a weaker formula 3y(3xA(x) — > A{y)) is employed. 
This still allows to anticipate a correct future value of the term exA(x) in a world 
uu even if 3xA(x) fails in uu. 

Sh. Maehara treats weaker language than ours: exA{x) is a syntactically 
correct term only if it is closed. He proves (using partial cut-elimination and 
other syntactic transformations) conservativity over IPC of the rules 

T,3xA(x) A{exA(x)), A => G 

r,A g 3e 

T=>tl F(t),A^G r=Wi A^F(t) 

\fzF(z),T,A^ G r,A =► 3zF(z) (12) 

where 

exA(x) 4.:= 3y(3xA(x) -» A(y)); a |:= T (13) 

Here T is the constant true, a is an arbitrary variable. 

Note that the first of these rules contains a hidden cut. This conservativity 
result is used to establish a kind of completeness theorem for IPC over a modi- 
fication of Kripke semantics, although this modification is not stated explicitly. 
More precisely, Sh. Maehara proves Kripke-style soundness and completeness 
result for the relation Ada between formulas A and complete consistent (in his 
sense) subsets a of the set of formulas. Only his condition for V is not standard: 
VxA(x) € a o {3B)(B G a&V/M[5 e /3 -> (t G Dp -> A(t) G /3)]) 
To establish this condition he uses admissibility of the following rule in his 
system: 

3y(3x^A{x) -> ^A(y)) -> A(ex->A(x)) 
VxA(x) 

This rules approximates equivalence 

VxA(x) o A(ex-<A(x)) 

which is valid only classically. 

K. Shirai [12] removes restriction to closed e-terms. He considers a language 
with the existence predicate denote by D. Instead of rules used by Maehara he 
considers following axioms: 

D(t),3y(3xA(x, t) -> A(y, t) => D(exA(x)) (14) 

D(t),3xA(x, t) A(exA(x, t),t) 
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plus standard modifications of quantifier rules for the system with existence 
predicate D. 

He proves conservativity of his system over IPC by a combination of a partial 
cut-elimination and Maehara's argument. 

D. Leivant [3] and V. Smirnov |14j define logical systems with e-symbol 
conservative over IPC by requiring that assumptions discharged in natural de- 
duction rules contain no e-symbol. These systems are probably much weaker 
than IPCe. The system introduced by the author in 9. is certainly weaker 
than IPCe: a sequent containing subterm exA(x, y) with a bound variable y is 
syntactically correct only provided ^y3xA(x, y) is a member of the antecedent. 

7 Further Work 

Complete proof of cut-elimination for IPCe and of normal form theorem for NJe. 

Give a syntactic proof of cut-elimination for IPCe and of normalization for 
NJe. 

Provide a semantics for the systems by Sh. Maehara and K. Shirai [H [12] 
and find out whether these systems admit cut-elimination. It seems that the 
system by Shirai provides the most general formulation of the idea that e-terms 
is partially defined in some arbitrary way. The restriction D(t) allowing to 
quantify over value of t can be arbitrary predicate with the only condition (IT?)) . 
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